Vulnerabilities in Agent v7.64.3

[JideEngDev]

Could you please help in resolving these following vulnerabilities?

• CVE-2025-22872 - golang.org/x/net:v0.35.0
• CVE-2025-22870 - golang.org/x/net:v0.35.0
• CVE-2024-12797 - cryptography:43.0.1
• CVE-2024-40635 - github.com/containerd/containerd:v1.7.25

[sgnn7]

Hi @JideEngDev ,

• The first two have been fixed on main.
• Forth one seems also fixed on main.

For these, I'd just make sure to use the newest releases when they become available.

As for the third one, it's a bit outside of the scope of my context but maybe someone else familiar can answer.

[JideEngDev]

@sgnn7 Thanks for responding. Do you have an idea when the next agent version will be released?

[sgnn7]

@JideEngDev We don't provide exact dates for releases as it's an iterative process until we are happy with the artifacts but what I can say is that 7.65 seems to be in the tail end of QA so you shouldn't be waiting long.

[sgnn7]

@JideEngDev Agent v7.65.0 was just released :)

[JideEngDev]

Thank you @sgnn7! We can close this

[JideEngDev]

@sgnn7 The latest version resolved these vulnerabilities. It also introduced a new one :

CVE-2025-46569 - github.com/open-policy-agent/opa:v0.70.0

[sgnn7]

Hi @JideEngDev ,
Glad to see that your original issue is resolved .

As for your follow-up detection, it's being worked on:

• Bump github.com/open-policy-agent/opa from 0.70.0 to 1.2.0 #34784
• [CSPM] use text/template-less fork of opa #36634

On a broader scale, given that all software contains numerous (and in our case countless) third-party dependencies, you will likely see this rolling fix pattern since it's a perpetual ongoing effort to remediate new detections as they come up. My suggestion is that you keep an eye on pull requests and our release cycles to have a sense of when they will be fixed.

For now, I'll close this issue so that we don't muddy the original submission remediation and thank you for your report!